On 7/28/05, Dharanikanth Dugginni <dharanikanthd@xxxxxxxxx> wrote:
> Let's suppose a host h1 is sending packets to addr N1 (this is the addr
> for NAT box). I want to change this addr to a different addr which
> will not be known until after a few packets arrive from h1 to n1.
> (Appears from the conntrack and NAT tables documentation that after
> the first packet, the DNAT table will not be used any more). Is there
> a way to force subsequent packets in the same stream to always use
> the DNAT table?

Are you using stateful rules? If not, your DNAT rule handles packets heading to N1, and NAT code transparently deals with packets heading the other way.

If you are using an ESTABLISHED state-matching rule, then only the first packet matches the DNAT rule, and then the state-matching rule allows subsequent packets through, while NAT still happens in the background. At least I think so. =)